[keycloak-user] Keycloak 4

Pedro Igor Silva psilva at redhat.com
Fri Jun 22 13:09:32 EDT 2018 

The new form of obtaining entitlements relies solely on the token endpoint
just like when you are obtaining access tokens using other OAuth2 grant
types. With that in mind the new format of the request should be a HTTP
POST + parameters. Check this documentation [1] for more details.

Regarding pushing claims to your policies, there is a specific HTTP
parameter that you can use to pass a Base64 encoded JSON with the claims
you want to push.

[1]
https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions

On Fri, Jun 22, 2018 at 12:09 PM, Corentin Dupont <corentin.dupont at gmail.com
> wrote:

> Thanks Pedro, I went through the pull request.
> I'm not sure how to modify my entitlement requests?
> For example I have:
> curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer
> $TOKEN" -d '{
>     "permissions" : [
>         {
>             "resource_set_name" : "Sensors",
>             "scopes" : [
>                 "sensors:update"
>             ]
>         }
>     ]
> }'  "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>
> This call has been moved to uma-2, right?
> Can I add pushed claims to this call? What I'm imagining is:
>
> curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer
> $TOKEN" -d '{
>     "permissions" : [
>         {
>             "resource_set_name" : "Sensors",
>             "scopes" : [
>                 "sensors:update"
>             ]
>         }
>     ],
>     claims: ["owner": "cdupont"]
> }'  "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>
> In this example, I would like to push the owner of the sensor ("cdupont"),
> which I take from our own database before calling the API.
>
> Sorry about the questions, maybe I should just wait that the documentation
> is merged :)
>
>
>
> On Fri, Jun 22, 2018 at 4:37 PM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> Hi,
>>
>> We have a few changes to docs that were not released because the PR [1]
>> was not merged on time. But you can check about pushed claims (if you are
>> using our adapters) here [2].
>>
>> Regards.
>> Pedro igor
>>
>> [1] https://github.com/keycloak/keycloak-documentation/pull/402
>> [2] https://www.keycloak.org/docs/latest/authorization_servi
>> ces/index.html#_enforcer_claim_information_point
>>
>> On Wed, Jun 20, 2018 at 10:04 AM, Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Hi guys,
>>> I'm playing with the new version of Keycloak (
>>> https://www.keycloak.org/docs/latest/release_notes/index.html)
>>>
>>> I have some questions:
>>> - where is the "account management console"?
>>> - How to use pushed claims? Which APIs are affected?
>>>
>>> Thanks!
>>> Corentin
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>

More information about the keycloak-user mailing list